Use SLSA pre-release that includes deadlock fix

Per the SLSA team this should unlock provenance generation, though verification won't work yet: slsa-framework/slsa-github-generator#3570 (comment) Change-Id: Ia572af830c11e2733a1c0e96906a5264c9f7c62d
jul-sh · Apr 18, 2024 · 1f05e29 · 1f05e29
1 parent 01a7f5f
commit 1f05e29
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/.github/workflows/reusable_provenance.yaml b/.github/workflows/reusable_provenance.yaml
@@ -75,12 +75,11 @@ jobs:
       actions: read
       id-token: write
       contents: write # For uploading provenances.
-    # We are using the slsa-github-generator directly from the main branch,
-    # instead of from one of the release tags. This is because the current release
-    # does not yet include fix for the action deadlocking for certain builds.
+    # We are a pre-release of the slsa-github-generator. This is because the
+    # current release does not include fix for the action deadlocking.
     # Ref: https://github.com/slsa-framework/slsa-github-generator/issues/3571
     # TODO: b/335461780 - Switch to using a released tag once there is one that includes the fix.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/builder_container-based_slsa3.yml@main
+    uses: slsa-framework/slsa-github-generator/.github/workflows/builder_container-based_slsa3.yml@v2.0.0-rc.0
     with:
       builder-image: 'europe-west2-docker.pkg.dev/oak-ci/oak-development/oak-development'
       builder-digest: ${{ needs.get_inputs.outputs.builder-digest }}